DDoS Attacks Surging

HSBC UK’s online banking system was hit with a DDoS attack at the end of January. As of the writing of this blog post, officials didn’t know who was responsible or the reasons behind the attack. The bank’s mobile app was not technically hit by the DDoS attack, but because so many users turned to the app when the website went down, the volume overwhelmed the connection.

DDoS attacks happen all the time, with varying levels of damage, yet they are sometimes overshadowed by breaches and other types of cyberattacks. I mention the HSBC DDoS attack in part because of its scale (HSBC is one of the largest banks in the world) and in part as a segue to discuss the changing scale of DDoS attacks.

Reflection DDoS attacks exploit weaknesses in a third party’s configuration to amplify an attack. In Q4, three new amplification channels were discovered. The attackers send traffic to the targeted sites via NetBIOS name servers, domain controller RPC services connected via a dynamic port, and WD Sentinel licensing servers.

Could we be seeing the beginning of a surge in DDoS attacks? IT Pro Portal seems to think so, calling DDoS attacks the “threat of the month.” IT Online also pointed out that this rise in attacks has been coming on for a while:

Igal Zeifman, senior digital strategist for Imperva Incapsula, wrote on his blog: “Most notably, the second half of 2015 saw a surge in the use of DDoS-for-hire services. In a nutshell, these services allow anyone with a PayPal account to launch DDoS attacks of medium to high volume lasting between 30 and 60 minutes.”

DDoS attack size has grown 60 times since the survey first began, and continues to, with other victims in 2015 reporting attacks of 450 Gbps, 425 Gbps and 337 Gbps.

The complexity of attacks is also increasing, with over half (56%) reporting so-called ‘multi-vector’ attacks designed to hit infrastructure, applications and services simultaneously.

DDoS attacks are happening, and they are getting more complicated, but they don’t have to be devastating to your business, as Monzy Merza, chief security evangelist with Splunk, told me in an email comment:

In today’s cybersecurity landscape, all companies should expect to be targeted by attackers. While it’s essential to consider prevention strategies, it’s equally important to consider recovery and to be positioned to bounce back quickly and maintain continuity. Organizations need to have a deep understanding of their infrastructure and environment, meaning that full visibility is the key. A successful recovery plan includes visibility, analysis and automated and human-mediated response capabilities. The HSBC breach shows us that attacks are bound to happen and a well-instrumented organization can recover from even the most sophisticated attacks.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba